Lead Security Analyst, Cloud & Endpoint Incident Response jobs in United States

HubSpot · 20 hours ago

Lead Security Analyst, Cloud & Endpoint Incident Response

HubSpot is an AI-powered customer platform that enables businesses to grow by focusing on their customers. They are seeking a Lead Security Analyst who will focus on cloud-centric incident response, primarily in AWS, while also leading investigations across endpoint, identity, and SaaS environments.

Tags: Analytics, Copywriting, Marketing, SaaS, Social Media

Comp. & Benefits: listed
H1B Sponsor Likely: yes

Responsibilities

Track emerging threats (active exploitation, 0-days, vendor advisories, high-risk CVEs) and quickly assess relevance to our AWS environment and endpoints
Triage external and internal inputs (customer-reported issues, bug bounty reports, security research, escalations) and drive them through validation, investigation, and mitigation when risk is confirmed
Translate threat intelligence into practical actions: containment guidance, detection updates, and prioritized remediation
Lead and execute high-severity security incidents across AWS, endpoints, identity, and SaaS environments
Drive incidents from initial signal through scoping, containment, eradication, recovery, and post-incident review
Reconstruct attacker activity by correlating AWS and endpoint evidence to determine initial access, persistence, privilege escalation, lateral movement, and impact
Produce clear incident documentation (timelines, findings, evidence, and actionable recommendations) for both technical and non-technical stakeholders
Investigate AWS incidents including IAM abuse, credential compromise, control-plane attacks, persistence mechanisms, and lateral movement
Use AWS telemetry to scope and confirm activity, including CloudTrail, CloudWatch Logs, VPC Flow Logs, IAM, and GuardDuty
Lead investigations involving common AWS compromise patterns
Execute containment actions across cloud surfaces, including credential/session revocation, policy/role changes, resource quarantine, and access tightening, balancing speed with service impact
Identify visibility and telemetry gaps and work with engineering teams to close them (logging coverage, retention, alerting, access model for incident response)
Improve detection coverage across AWS and endpoint environments by validating detections against real-world attack scenarios and incident learnings
Partner with detection engineering to test and deploy new detections, tune noisy detections, and strengthen investigation context
Build and maintain investigation and response automation using SOAR tools and scripting
Develop and evolve AWS and endpoint incident response playbooks and ensure they’re usable under pressure
Partner with Engineering, SRE, and IT to implement mitigations, including infrastructure configuration changes and application-level fixes when needed
Track corrective actions to completion and ensure incident learnings translate into durable prevention (not just documentation)

Qualification

AWS, Incident response, Security investigations, Cloud architecture, Scripting in Python, SIEM experience, Linux investigation, Calm decision-making, Continuous improvement mindset, Cross-functional collaboration

Required

Strong understanding of software engineering fundamentals, including code structure, build systems, dependencies, and package ecosystems, enabling effective partnership with Engineering teams
Understanding of CI/CD pipelines and DevOps workflows, enabling collaboration with Infrastructure and DevOps teams
Solid knowledge of cloud architecture, especially Amazon Web Services (AWS) services used in modern cloud-native deployments
Hands-on experience responding to AWS security incidents, including investigation and containment actions
Familiarity with SaaS architectures, identity systems, and integration patterns for effective collaboration with Cloud Security teams
Proven experience leading complex security incidents across cloud and endpoint environments
Strong understanding of identity and access concepts (IAM roles, federation, OAuth, privilege escalation patterns)
Experience using a SIEM for investigations and detection development (Splunk preferred)
Comfortable scripting or automating in Python to accelerate investigations and response workflows
Strong Linux investigation skills; solid working knowledge of macOS and Windows

Preferred

Experience operating in multi-account AWS environments and building practical IR workflows for scale (centralized logging, access patterns, guardrails)
Familiarity with AWS security services beyond core telemetry (e.g., Security Hub, Detective, Config, Macie)
Familiarity with Kubernetes, containers, serverless infrastructure, or modern distributed systems
SOAR experience building reliable, auditable automations and response workflows

Benefits

Equity plan to receive restricted stock units (RSUs)
Overtime pay
Flexibility and connection
In-person onboarding
Accommodations or assistance due to a disability

Company

HubSpot develops cloud-based, inbound marketing software that allows businesses to transform the way that they market online.

H1B Sponsorship

HubSpot has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)

[Chart: Distribution of Different Job Fields Receiving Sponsorship; highlighted segment represents job fields similar to this job]
Trends of Total Sponsorships
2025: 148
2024: 125
2023: 101
2022: 107
2021: 43
2020: 33

Funding

Current Stage
Public Company
Total Funding
$100.5M
Key Investors
Scale Venture Partners, Matrix, General Catalyst
2014-10-10: IPO
2012-11-05: Series E, $35M
2011-03-08: Series D, $32M

Leadership Team

Yamini Rangan, Chief Executive Officer
Dharmesh Shah, Founder and CTO
Company data provided by crunchbase